1. Field of the Invention
This invention relates to computer security.
2. Related Art
In a data delivery system, data receivers need to know whether they can trust information they receive from senders. This need is increasing due to the growth of data exchanges and business transactions taking place on the Internet over non-secure communication links.
The growing Public Key Infrastructure (“PKI”) provides a way for receivers of data to know whether they can trust information they receive from senders. In the PKI, trusted third parties issue digital certificates (“public key certificates”) that attest to the authenticity of the binding of a public key to its owner. These trusted third parties are known as certification authorities (“CAs”), or are sometimes called “public CAs” if their services are available to the public. These digital certificates are created and used with known encryption and decryption security techniques. Verisign, Inc. is an example of a public CA. Senders obtain a certificate from a CA, and include the certificate with the data they wish to send to the receiver. The certificate includes enough information for the receiver to verify that the sender's self-identification is accurate (verification of identity), and that the data was not compromised between the sender and the receiver (validation of contents).
The PKI has the general drawback that digital certificates accepted by the receiver are limited to those from certification authorities that the receiver already trusts. Thus the general problem of providing trust information to the receiver is inherent in the PKI. The trust information required by the receiver can include the identities of trusted senders, for what purpose the senders are trusted, and sufficient information to authenticate messages from the trusted senders.
For instance, Secure Socket Layer (“SSL”) is a widely adopted protocol that is used within the PKI for authentication and encryption. To authenticate a message, the client must have enough trust information regarding the digital certificate sent by the SSL server (“server certificate”)—at a minimum the client must have an authentic copy of the certificate of the CA who issued the SSL server certificate. However, computers, particularly in the consumer market, have limited resources, including limited nonvolatile storage, in which to store such information.
A computer administrator must decide which CAs to trust. In the case of personal computers used in homes or small offices, the user may be unsophisticated, lacking in knowledge, or unwilling to make and implement his trust decisions. A common solution is providing a factory-defined set of trust relationships. This makes the security measures transparently available to the user. However, it is impractical for inexpensive personal computing devices due to the high cost of nonvolatile memory. In addition, this solution provides a static set of trust relationships, and does not provide for updates.
The Incorporated Disclosures provide a method for a computing device to acquire trust information after it is manufactured. These applications disclose the general approach of using Security Information Objects (“SIOs”), with a single Trusted Security Information Provider (“TSIP”) (or at least a single level of TSIPs) defining the trust relationship for all parties. One drawback of the method disclosed is that only the TSIP can issue an SIO. Furthermore, the TSIP must administer all parties' trust information, when the TSIP may only be interested in a detailed definition of the trust relationship between the TSIP and its closest business partners. Yet, the TSIP may wish to retain some general control over what other partners can do.
In addition, complex interrelated business relationships exist and are evolving on the Internet, and it is desirable to design a system that will also provide accountability and enforcement of complex business relationships and rules. An example business hierarchy is shown in FIG. 1, and is discussed in detail in the Detailed Description below. Referring to FIG. 1, using the method disclosed in the Incorporated Disclosures, OEM1 and OEM2 would be indistinguishable to ISP1 and ISP2. However, it may be desired to distinguish between OEM1 and OEM2, for instance so that if ISP1 is a client of OEM1, it can be prevented from subscribing to services of OEM2, or so that OEM2 cannot steal customers of OEM1.
Accordingly, it would be advantageous for a security system to provide a way for each business party to dynamically provide trust information to its clients based on its own business and security requirements, while centralized control is maintained where desired. The system would be transparent to the end-user, and would be easy to implement.
The invention provides a Hierarchical Open Security Information Delegation and Acquisition System which allows secure and dynamic distribution of security information to multiple clients over non-secure channels. It also allows parties to modify the security information, within boundaries that are set by higher-level parties. Such modification can include adding third-party CAs to the list of entities trusted to issue SSL certificates. It provides a technique for each business party to define its own trust relationships with other entities including public CAs, within the parameters that are hierarchically set.
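The following is an added illustration, not code from the patent, of the hierarchical delegation described above and of the FIG. 1 scenario: a TSIP issues an SIO to OEM1 that fixes a boundary on which CAs OEM1 may pass on, OEM1 issues an SIO to ISP1 within that boundary, and a client verifying the chain rejects an SIO that exceeds the boundary or that comes from OEM2 rather than OEM1. The party names, CA names, keys and the SIO field layout are all constructed for the example, and HMAC with per-party keys stands in for the public-key digital signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed per-party keys. HMAC is a stand-in for real digital signatures
# so the example runs with the standard library only; it is NOT a public-key scheme.
KEYS = {"TSIP": b"tsip-key", "OEM1": b"oem1-key", "OEM2": b"oem2-key"}


def sign(issuer, body):
    """Sign an SIO body with the issuer's key (canonical JSON so the bytes are stable)."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).hexdigest()


def make_sio(issuer, subject, trusted_cas, may_add_cas):
    """Build a Security Information Object (hypothetical layout): the issuer grants the
    subject a list of CAs trusted to issue SSL server certificates, plus a boundary
    (may_add_cas) limiting which CAs the subject may in turn hand to its own clients."""
    body = {"issuer": issuer, "subject": subject,
            "trusted_cas": list(trusted_cas), "may_add_cas": list(may_add_cas)}
    return {"body": body, "sig": sign(issuer, body)}


def verify_chain(chain, root="TSIP"):
    """Walk a chain of SIOs from the root TSIP downwards. Each SIO must be signed by
    its issuer, its issuer must be the previous SIO's subject, and both its CA list and
    the boundary it sets for its own clients must stay within the boundary its parent
    set. Returns the effective trusted-CA list, or None if any step fails."""
    expected_issuer = root
    allowed = None          # None: the root sets the initial boundary itself
    effective = []
    for sio in chain:
        body = sio["body"]
        if body["issuer"] != expected_issuer:
            return None     # e.g. OEM2 trying to issue to OEM1's client
        if not hmac.compare_digest(sign(body["issuer"], body), sio["sig"]):
            return None     # body altered after signing
        if allowed is not None and not set(body["trusted_cas"]) <= allowed:
            return None     # added a CA the parent did not permit
        if allowed is not None and not set(body["may_add_cas"]) <= allowed:
            return None     # tried to widen the boundary for its own clients
        effective = body["trusted_cas"]
        allowed = set(body["may_add_cas"])
        expected_issuer = body["subject"]
    return effective
```

A client device holding only the root TSIP's verification key can thus accept CA additions from its OEM, while a sibling OEM's SIO or an out-of-boundary CA is rejected before it reaches the trusted list.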